NIST
•
16th November 2023
SP 800-221, Enterprise Impact of Information and Communications Technology Risk
Information and Communications Technology (ICT) spans all tools, devices, data, infrastructure, and components and it’s a broad concept that continues to evolve. This publication helps in understanding the relationship between ICT risk management and ERM—and the benefits of integrating those approaches. This includes ICT risk guidance on how all ICT risk programs, including individual programs such as privacy, supply chain, and cybersecurity, integrate into ERM.